Описание
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitIssue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mantisbt:mantisbt:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:2.5.1:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00741
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
debian
больше 8 лет назад
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x be ...
CVSS3: 6.1
github
больше 3 лет назад
MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php
EPSS
Процентиль: 72%
0.00741
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79